Open5gs Security Vulnerabilities (CVEs)

This vulnerability in Open5GS SMF component allows remote attackers to trigger a reachable assertion via manipulated PDP context requests, potentially...

A memory corruption vulnerability in Open5GS MME component allows remote attackers to potentially crash the service or execute arbitrary code. This af...

This CVE describes a null pointer dereference vulnerability in Open5GS PGW S5U Address Handler that can cause denial of service. Attackers can remotel...

A stack-based buffer overflow vulnerability in Open5GS allows remote attackers to execute arbitrary code or cause denial of service by manipulating th...

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the CreateBearerRequest handler, potentially causing denial ...

CVE-2026-1738 is a reachable assertion vulnerability in Open5GS SGWC component that allows remote attackers to cause denial of service by manipulating...

A reachable assertion vulnerability in Open5GS SGWC component allows remote attackers to cause denial of service by sending specially crafted requests...

A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can manipulate the ogs_gtp2_f_teid_to_ip function to crash t...

A denial-of-service vulnerability exists in Open5GS SGWC component where the sgwc_s11_handle_modify_bearer_request function can be remotely triggered ...

A remote denial-of-service vulnerability exists in Open5GS SGWC component where manipulation of the sgwc_s5c_handle_bearer_resource_failure_indication...

Open5GS WebUI uses a hard-coded JWT signing key ('change-me') when the JWT_SECRET_KEY environment variable is not set, allowing attackers to forge aut...

A denial-of-service vulnerability exists in Open5GS SGWC component where remote attackers can crash the service by sending malicious S11 protocol mess...

CVE-2025-15532 is a resource consumption vulnerability in Open5GS's Timer Handler component that allows remote attackers to cause denial of service th...

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the sgwc_bearer_add function, potentially causing denial of ...

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the SGW-C component, potentially causing denial of service. ...

A denial-of-service vulnerability exists in Open5GS's GTPv2 Bearer Response Handler component. Attackers can remotely crash affected systems by sendin...

A denial-of-service vulnerability exists in Open5GS's SGWC component where remote attackers can manipulate the sgwc_s5c_handle_create_session_response...

A local denial-of-service vulnerability exists in Open5GS versions up to 2.7.6 where the ogs_gtp2_parse_bearer_qos function mishandles Bearer QoS IE L...

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the PFCP Session Establishment Request Handler by manipulati...

This vulnerability in Open5GS PFCP handler allows remote attackers to exploit improper initialization in the ogs_pfcp_handle_create_pdr function. It a...

This vulnerability in Open5GS allows remote attackers to trigger reachable assertions in PFCP (Packet Forwarding Control Protocol) handling functions,...

A null pointer dereference vulnerability in Open5GS's PFCP handler allows remote attackers to cause denial of service by crashing the service. This af...

A reachable assertion vulnerability in Open5GS UPF component causes denial of service when processing malformed PFCP Session Establishment Requests wi...

Open5GS AMF crashes when receiving a malformed NGSetupRequest message, causing denial of service for 5G core network users. This affects all deploymen...

A reachable assertion vulnerability in Open5GS NRF (Network Repository Function) allows attackers with network connectivity to send a specific SBI req...

Open5GS v2.7.5 is vulnerable to a NULL pointer dereference when receiving multipart/related HTTP POST requests with empty bodies to its Service-Based ...

A vulnerability in Open5GS allows remote attackers to cause denial of service by sending a specially crafted Create Session Request message to the SMF...

This vulnerability in Open5GS allows attackers to cause denial of service by triggering an assertion failure through repeated UE connect/disconnect me...

A reachable assertion vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by triggering an assertion failure in ...

A denial-of-service vulnerability exists in Open5GS SMF component where the smf_gsm_state_wait_pfcp_deletion function can be manipulated remotely to c...

This vulnerability in Open5GS AMF component allows remote attackers to trigger a reachable assertion via the ngap_build_downlink_nas_transport functio...

This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by exploiting a flaw in the gmm_state_de_registered/gmm...

A denial-of-service vulnerability in Open5GS SMF component allows remote attackers to crash the service by manipulating stream arguments in the smf_st...

This vulnerability in Open5GS AMF component allows remote attackers to cause denial of service by exploiting a flaw in the gmm_state_exception functio...

A denial-of-service vulnerability exists in Open5GS AMF component where the esm_handle_pdn_connectivity_request function can be manipulated by remote ...

A vulnerability in open5gs upf component allows remote attackers to cause denial of service by sending specially crafted PFCP SessionEstablishmentRequ...

A buffer overflow vulnerability in the PFCP library of open5gs allows a local attacker to execute arbitrary code or cause denial of service by providi...

A denial-of-service vulnerability in Open5GS AMF/MME component allows remote attackers to crash the service by manipulating the ran_ue_id argument in ...

A reachable assertion vulnerability in Open5GS AMF/MME components allows remote attackers to cause denial of service by triggering assertion failures ...

This vulnerability in Open5GS allows attackers to cause a denial of service by triggering a crash in the AMF component during specific handover scenar...

A denial-of-service vulnerability in Open5GS AMF component allows a single malicious UE to crash the AMF service by exploiting the gmm_state_authentic...

This vulnerability in Open5gs AMF allows remote attackers to cause a denial of service by sending specially crafted InitialUEMessage or Registration r...

A denial-of-service vulnerability in Open5GS v2.7.2 allows remote attackers to crash the service via the ogs_dbi_auth_info function. This affects all ...

This vulnerability in Open5GS allows attackers to trigger a denial of service by sending a specially crafted NGAP packet to the nas_eps_send_emm_to_es...

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the mme_ue_find_by_imsi function by sending a specially crafted NAS...

This vulnerability in Open5GS allows attackers to trigger a reachable assertion in the ogs_kdf_hash_mme function by sending a specially crafted NAS pa...

CVE-2024-34235 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial of service attacks. Attackers can send malformed S1...

This vulnerability allows remote attackers to cause denial of service by sending malformed ASN.1 packets to Open5GS MME servers. Attackers can repeate...

CVE-2023-37016 is a remotely triggerable assertion vulnerability in Open5GS MME that allows denial of service attacks. Attackers can send malformed AS...

Open5GS MME versions up to 2.6.4 contain a remotely triggerable assertion via malformed ASN.1 packets on the S1AP interface. Attackers can send S1Setu...